Your iPhone can be susceptible to threats even when it’s turned off, researchers at Germany’s Darmstadt University of Technology have found
When the iPhone is turned off, most wireless chips, including Bluetooth, Near Field Communication (NFC), and Ultra-wideband (UWB), remain active for up to 24 hours. This way the phone can still be found via the Find My network and you still have access to things like credit cards, student cards and digital keys.
These wireless chips have direct access to the secure element and apparently this can be exploited to install malware on the iPhone even when iOS is not running.
The wireless chips run in a Low-Power Mode (LPM), not to be confused with the power-saving mode that extends battery life. Support for LPM is implemented in the hardware, which means that this problem cannot be solved with a software solution.
Researchers conducted a security analysis of LPM features introduced with iOS 15 and found that Bluetooth LPM firmware can be modified to run malware on iPhone. These loopholes have not been explored before and could allow hackers with system-level access to track someone’s location or perform new functions on a phone.
The problem seems to stem from the fact that LPM features are designed around functionality and apparently not much attention has been paid to potential threats outside of the intended applications.
Find My after power off turns closed iPhones into tracking devices by design, and the implementation within the Bluetooth firmware is not protected against tampering. Tracking properties can be secretly changed by attackers with system-level access.
notes that most iPhone users have nothing to worry about since infections required a jailbroken iPhone. However, the vulnerability could be used by spyware such as Pegasus can target humans and can even be used to infect chips in the event that malicious parties discover flaws prone to over-the-air exploits.
The findings were disclosed to Apple and the company also read the paper, but did not provide any feedback.